Valve has paid a hacker a complete of $20,000 for reporting a bug that allowed anybody to generate hundreds of Steam keys free of charge. The bug not exists, clearly. Sorry, you can not use it to get a load of free PC games, you little scamp.
You may query why anybody would report such a bug – absolutely they might make a great deal of cash from promoting these keys, an absolute fortune the truth is? It’s true, however searching Steam bugs and reporting them to Valve is what Artem Moskowsky likes to do. He calls himself knowledgeable “bug hunter” and he’s excellent at what he does.
As Kotaku experiences, and as filed on the bug searching website HackerOne, the bug that Moskowsky discovered used an exploit inside Steam’s developer instruments. Part of those instruments permits game makers to generate as many Steam keys for his or her games as they want. However, anybody who knew of the bug and had entry to these instruments was capable of generate hundreds of Steam keys for any game.
Moskowsky defined to The Register how straightforward this was to do as soon as the bug was found. “I managed to bypass the verification of ownership of the game by changing only one parameter,” he stated. “After that, I could enter any ID into another parameter and get any set of keys.”
Doing this, at one level Moskowsky was capable of generate 36,000 Steam keys for Portal 2. Rather than exploit this additional, Moskowsky reported the bug to Valve privately in August, who investigated it and promptly mounted it, solely making public the bug’s existence on October 31.
Surprisingly, this isn’t the largest payout for a Steam bug that Moskowsky has had. In July of this 12 months he obtained $25,000 from Valve for reporting a SQL Injection bug. Makes sense that he would report the Steam key bug after this and get the cash somewhat than threat being sued by Valve if he continued to take advantage of it and the developer discovered .
Source